The smartly designed Amazon Echo faces vulnerability issues with reports of secret talks being mischievously tracked by the hacker family. No, if you are holding onto the new models released in the calendar year 2017, you need not worry. The hackers have been capable to dig through only the speakers unveiled last year in UK, sparing the smaller Echo Dot as well.
The MWR InfoSecurity researchers found out that the Amazon Echo speakers could be turned into a covert listening device whilst keeping the overall functionality intact. It was held possible to tamper with the Echo speakers without leaving any trace behind, although it required the hackers to get physical access to your devices.
The attackers can easily access the remote root shell of the Linux operating system via two routes: one through the exposed debug pads located on the base of the device, and two using a hardware configuration setting which allows the speaker to boot from an external SD card.
One of the MWR security consultant, Mark Barnes, working on the snag describes the method followed by the cyberpunks. “On the base of the Amazon Echo there are 18 pads you can easily access used for debugging the device. If you attach an SD card to certain parts you’re able to reboot the system without it showing you, which gives you access to the device and lets you basically do anything you want. Someone could use [the hack] to install malicious software on the device and turn it into a wiretap without the person who owns the Echo knowing.”
This enables the attackers to infiltrate into your Amazon account, the apps on the speaker, and into the system itself detects the wake word ‘Alexa’ or ‘Amazon’, which could allow them to hear all conversations taking place in the vicinity of your devices.
The invisible hack may still take place while it responds to your usual voice commands and the blue light gives no indication of the recording.
The internet connected home and speaker assistants turning into eavesdroppers have left even the Amazon officials regretful. “Customer trust is very important to us. To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date.”
Nevertheless, MWR InfoSecurity confirmed that the physical switch to turn down the hacking activity is located on your devices itself – the mute button on your Amazon Echo.
With over 100 million Alexa-equipped speakers sold in the market as of May 2017, there are chances that your device might be the ill-fated one. But you need not throw out the Echo, as a physical access is needed by the hackers to take control over your devices. You can still maintain caution by purchasing the Amazon Echo from Amazon stores only and avoiding second hand devices that might have been compromised by the cyber thieves.